How to Take Action - ICO’s Latest Guidance on the Secure Use of Cloud Computing

The ICO (Information Commissioners Office) recently clarified its guidance for securing data in the cloud under the UK Data Protection Act. This served as a reminder that organisations can shift responsibility but not accountability in protecting personal information in cloud applications.

What does every IT professional need to know?

In this interactive SC Magazine webcast, you’ll hear:
•ICO guidance on protecting data in the cloud
•The penalties associated with failure to comply
•ICO recommendations on encryption and key management
•Case studies on how UK organizations are securing their data in the cloud

ESG recently conducted research around insider threats, privileged users and APTs. While the security community remains fixated on advanced malware, tried-and-true insider threats are becoming more difficult to detect and prevent.

Register for "Privileged Users: Functional. Not Fraudulent" to learn why many organisation are vulnerable to these type of threats in spite of their existing cyber security. Key takeaways will include:

· Key trends around Insider Threats
· Major gaps between existing security processes and available technologies
· Critical components that help to reduce the attack surface
Join us for this must attend webcast to learn how privileged users can get their jobs done - without viewing or compromising data.

When an outside party owns, controls, and manages infrastructure and computational resources, how can you be assured that sensitive data remains private and secure, that your organisation is protected from damaging data breaches, and that you can still satisfy the full range of reporting, compliance and regulatory requirements?

Highlights of this session include:

* How to proactively address security in the cloud so that your organisation isn't next week's data breach headline.
* How to protect intellectual property and comply with data privacy and system integrity regulations.
* How to combine context-aware user access, high performance encryption for data-at-rest and operational control into a single system that seamlessly interacts with existing IT systems.

File sharing whether on a PC or mobile makes workers more productive, that's undebatable, but what does an effective enterprise file sharing platform actually look like? More importantly what will it look like in 10 years time?

Tune into this upcoming SC Magazine webcast to hear from Clive Longbottom, Founder at Quocirca, Accellion - a top ranked Enterprise File Sharing & Sync supplier according to Gartner, as well as further to be confirmed industry experts.

Expect cutting edge discussion on:
* Data Sovereignty: the fall-out from the PRISM
* Alternatives to cloud architectures for modern file sharing platforms
* The part mobile devices play in data leakage and how to suppress this
* What policies you should have in place.

This session is essential viewing for all IS professionals needing to keep up to date with BYOD and file sharing

* What fellow infosec pro's currently consider the most serious threats to the cloud
* Predictions for how these threats will evolve in coming months/years
* Strategies for minimising the risks posed by such threats
* Where pressure to implement file sharing tools for outside the corporate LAN is coming from across the enterprise

This webcast is essential viewing for all information security professionals who need to keep up to date with advancements and trends in threats to data outside the corporate network.

New threats emerge daily, sometimes hourly. But how often are you assessing network vulnerabilities? If it’s less than daily, is your vulnerability management program really protecting your organisation from attacks? Or is it merely a compliance checkbox for auditors?

How often can you claim to know exactly how vulnerable you are, and in turn what to do about those vulnerabilities?

Tune into this SC Magazine online panel discussion to hear case studies and tips from industry experts on how to:
* Actually reduce the risk vulnerabilities pose to your business
* Prioritise vulnerabilities in a way that makes sense for your specific threat posture
* Patch effectively and eventually move away from the patch model all together
* Filter and act on your reams of vulnerability data

Only 22% of data breaches are as a result of an external attack on corporate servers . In the vast majority of cases, breaches involve the inadvertent mishandling of information by insiders or third party partners. For example: a confidential document is accidentally sent to the wrong person, an employee drops files into a consumer-grade file sharing solution to access them on holiday, or an organisation terminates a relationship with a partner or supplier after having shared proprietary information with them.

Enabling your staff to work remotely, on a multitude of devices, and on unsecured networks is essential for many 21st century businesses. However, such a model also has very specific risks, particularly for financial services, life sciences and other IP-intensive industries.

This webcast addresses the technological challenges of maintaining full control of your most sensitive information - even once it goes beyond the firewall - while maintaining the freedom and flexibility necessary to allow your staff and other stakeholders to work as efficiently as possible.

In a recent SC survey, when asked ‘Do you think your current network is secure?’ 43% of IS professionals said Not Sure.

At first glance, this appears a surprisingly high figure – but a closer look at today’s threat matrix soon tells us why. Technology developments such as multi-point cloud solutions, consumerisation, BYOD uptake and even Windows 8 are a major headache in network security for IT leaders. Plus organisations face a growing number of ‘invisible threats’ that they are often not aware of, and which present a very real risk to corporate security.

So what can be done to identify, monitor, respond and report these network security threats in real time?

-Detailed analysis of the evolving threat landscape including the top 3 network security threats you don’t know about
-The knowledge you need to know when choosing a bespoke unified threat management solution for your business
-Real life examples showing why a rigorous, real-time testing environment is needed to make well-informed buying decisions
-Take-home advice on how to make sure the product you use protects against network security threats

In a recent SC Survey of information security professionals 99% of those asked said it was ‘important’ that their organisation has secure file sharing. But 50% said they had ‘no real visibility’ of how data is being sent within and outside the company.

That said, even IT security professionals resort to using insecure file transfer systems so they can get their job done, with many saying they have used the following to transfer sensitive information:

If IT professionals – who know the risks – are prepared to use such systems, what are employees not versed in security prepared to do?

Tune in to hear our experts discuss these and the other quite surprising results, plus a look at how best to protect files shared inside and outside your organisation, while benefiting from the productivity boost such sharing can allow.

With SC’s annual conference taking place later in the year, we have invited some of the speakers to run the rule over a few of the key human factors affecting information security risk.

•Where do human factors rank in relation to other security risks?
•Is it feasible to identify key human risk factors and if so, how can they be successfully integrated into an IT risk matrix?
•Is it true that people value the security of data differently to tangible goods? If so, what can be done to change perceptions?
•To what extent is IT security seen as a board level issue - what steps can be taken to effectively communicate IT risk to the Board?
•Train the trainer – when it comes to communicating, does your average IT security professional err towards Martin Luther King or Hal from 2001? How important are communication skills to the IT security professional
•Spread the love – or at least, the message. Why do staff consistently ignore IT security messages and what can you do, to hit the message home?
•Pa$$word5! Digestible take home tips you can share with your staff on how to choose and remember multiple secure passwords

It has been a year since the European Commission (EC) published the first draft of its updated data protection law but critics have claimed the regulation is overly prescriptive and out of touch with the rapid change in digital communication (SC Magazine Online, January 2013).
SC's upcoming editorial webcast will:

- Take a hard look at 2012's data breaches, trends and developments to see if the regulations are realistic to cope with today's threats

- Reveal how the regulations affect your particular business and how you need to adapt everything from employee behaviour to business processes to avoid scrutiny

- Ask why the same data protection breaches stemming from human error are still being made, and what can we do about it?

- With data breaches continually on the rise due to BYOD, cloud platforms and social networks setting such a furious pace of change - what does the rest of 2013 hold in terms of staying compliant and ultimately keeping your data protected?

On January 1st EC3 (The European Cyber Crime Centre) opened it's doors at Europol.

This signifies the start of European regulators taking a structured approach to cyber security. Breach reporting obligations are undoubtedly going to become a reality for more and more as what's considered 'critical infrastructure' is redefined.

Tune into this SC webcast with Stewart Room - Partner at Field Fisher Waterhouse, and global expert in information security law, for answers to key issues:

* What new legal frameworks can be expected in 2013?
* Will this lead to a deluge of fines, like that received by Sony in mid January?
* How do you engage with a regulator after a data breach?

The modern information security professional is now inextricably intertwined with the law. Tune in to find out how new legislation and regulation is set to affect your role in 2013

Needing to identify who's on your network is a problem as old as corporate IT. BUT...

With the growth in BYOD, remote working, and SaaS, the challenge of actually identifying who is accessing your systems has grown exponentially. SC Magazine has invited Andrew Yeomans and Paul Simmonds, both founding members of the Jericho Forum, to discuss this issue in detail.

Expect to learn:

* Why and how identity is growing in importance
* What’s changed in recent times, and what should you expect in the next 18 months?
* How to implement the Jericho Forum Identity Commandments

Tuning in is essential for any information security professional worried about identity management. And if you're not worried, you should be.

The value of the information security industry is predicted to reach $71bn by 2014 (or roughly $10 for every man woman and child alive).

However, many IS professionals still find their departments lacking time and resources.

SC's upcoming webcast offers 3 essential strategies:
- How to save time by streamlining installation and administration processes.
- How to successfully secure further funding by demonstrating in simple terms why your role is BUSINESS CRITICAL.
- Best practices for efficient incident response.

The ICO (Information Commissioners Office) recently clarified its guidance for securing data in the cloud under the UK Data Protection Act. This served as a reminder that organisations can shift responsibility but not accountability in protecting personal information in cloud applications.

What does every IT professional need to know?

In this interactive SC Magazine webcast, you’ll hear:
•ICO guidance on protecting data in the cloud
•The penalties associated with failure to comply
•ICO recommendations on encryption and key management
•Case studies on how UK organizations are securing their data in the cloud

* How the database threat landscape has changed and what’s coming in 2013?
** Case studies: How fortune 500 companies are defeating attackers and staying compliant
*** What threats should you be monitoring and why should you be monitoring them?
**** Encryption techniques that ensures any stolen data are totally worthless.

Leigh Ellis: Head of Web and Marketing at LNT Group and Tim Williams: Product Manager at Absolute Software

In this upcoming webcast SC magazine chats with Tim Williams of Absolute Software and Leigh Ellis of LNT Group about their recent corporate iPhone roll out. Tune in to find out:

* How they built the business case for an MDM solution
* How they managed to reduce IT hours spent on manual workflows
* How they deployed 1700 iPhones without setting up individual iTunes accounts
* How they fully protected corporate infrastructure and data.

This upcoming SC Magazine webcast looks at the role mobile technologies will play in replacing passwords:

- Can mobile devices truly provide a secure personal identification method?
- How would such a strategy fit with BYOD programmes already in place?
- What are the limits, and what could is likely to happen in the future?

The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organisations not prepared for this new front line of cyber-warfare, what does this spell for your business?

Tune into this live, interactive SC Webinar to:

-Gain a detailed overview of the next generation of threats out there
-Understand how to detect key threats and attacks before they develop a stranglehold on your business
-Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line

This SC webcast provides a legal and technology viewpoints to separate fact from fiction across the global information security industry. Get a grasp of:

- What data protection obligations are actually in place internationally, and why are they there?
- How to stay on the right side of the law, from London to Spain to Singapore
- Staff, systems or superiors – who is actually liable in the event of a data loss?

SC Insight's webcasts feature the leading speakers in the marketplace and address your key challenges.
Sign up to this channel to receive groundbreaking insights into the hottest issues within information security. You can also take part in our votes, put your questions to our live experts and submit your feedback.